some progress...
parent
a84600e42a
commit
5981655b54
@ -164,9 +164,9 @@ EOF
|
|||||||
cd "${CAROOT}"
|
cd "${CAROOT}"
|
||||||
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
|
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
|
||||||
|
|
||||||
mkdir -p /etc/letsencrypt/live/kaz.local/
|
mkdir -p /etc/letsencrypt/live/kaz.milxc/
|
||||||
ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem
|
ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
|
||||||
ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem
|
ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Essai pour faire accepter la CA à FFOX dès le début
|
# Essai pour faire accepter la CA à FFOX dès le début
|
||||||
@ -192,6 +192,16 @@ EOF
|
|||||||
cd snster
|
cd snster
|
||||||
./install.sh
|
./install.sh
|
||||||
|
|
||||||
|
# SNSTER KAZ
|
||||||
|
cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
||||||
|
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||||
|
|
||||||
|
# crypto keys
|
||||||
|
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
||||||
|
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
||||||
|
|
||||||
|
# Build SNSTER KAZ !
|
||||||
|
snster -c /root/snster-kaz -t /root/templates create
|
||||||
|
|
||||||
# clear apt cache
|
# clear apt cache
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||||
|
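Review bot: The two `cp -ar /etc/letsencrypt …` lines under `# crypto keys` copy the whole directory, private keys included, into both `kaz/prod/` and `isp-a/home/`. Per the first hunk that tree holds the wildcard key `_wildcard.kaz.milxc-key.pem`, and if `CAROOT` is `/etc/letsencrypt/local/` (the mkcert comment suggests so, but the assignment is outside the hunk) it also holds the mkcert signing key `rootCA-key.pem`. The isp-a home host presumably only needs to trust the CA, so copying just the CA certificate there, e.g. `cp "${CAROOT}/rootCA.pem" /root/snster-kaz/isp-a/home/`, would keep the server and CA keys off the client. Separately, `${VAGRANT_SRC_DIR}` is unquoted in the two `cp` lines under `# SNSTER KAZ`; `cp -ar "${VAGRANT_SRC_DIR}/templates" /root` is safer, and a failed copy or `snster … create` is not checked before the script continues.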
@ -24,8 +24,8 @@ hosts:
|
|||||||
- bgprouter:
|
- bgprouter:
|
||||||
asn: 20
|
asn: 20
|
||||||
asdev: eth1;eth2
|
asdev: eth1;eth2
|
||||||
neighbors4: 100.64.1.1 as 31
|
neighbors4: 100.64.0.1 as 30
|
||||||
neighbors6: 2001:db8:b001::1 as 31
|
neighbors6: 2001:db8:b000::1 as 30
|
||||||
- resolv:
|
- resolv:
|
||||||
nameserver: 100.100.100.100
|
nameserver: 100.100.100.100
|
||||||
domain: isp-a.milxc
|
domain: isp-a.milxc
|
||||||
|
@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd
|
|||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
|
DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
|
||||||
|
|
||||||
if [ -f /clawsmail/addclawsuser.sh ]; then
|
if [ -f /clawsmail/addclawsuser.sh ]; then
|
||||||
/clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
|
su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
|
||||||
/clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
|
su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
|
||||||
/clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
|
su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
|
||||||
/clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
|
su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
|
||||||
/clawsmail/addclawsuser.sh email isp-a.milxc email 4
|
su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4
|
||||||
fi
|
fi
|
||||||
|
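Review bot: `su debian /clawsmail/addclawsuser.sh …` hands the script path to debian's login shell as an argument instead of executing it, so the shebang is ignored and the call depends on that shell and on the file being readable by debian. `runuser -u debian -- /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1` (or `su debian -c '…'`) states the intent explicitly; none of the five calls has its exit status checked. `toto` looks like the account password: it is passed on the command line, where it is visible in the process list, and it is the same for contact1 to contact4, which is only acceptable while this remains a throwaway lab image. The enclosing script starts before the hunk.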
@ -15,7 +15,7 @@ smtp IN CNAME dmz
|
|||||||
imap IN CNAME dmz
|
imap IN CNAME dmz
|
||||||
www IN CNAME dmz
|
www IN CNAME dmz
|
||||||
mail IN CNAME dmz
|
mail IN CNAME dmz
|
||||||
listes IN MX listes
|
listes IN MX 10 listes
|
||||||
listes IN A 100.80.1.2
|
listes IN A 100.80.1.2
|
||||||
firewall IN A 100.80.0.1
|
firewall IN A 100.80.0.1
|
||||||
firewall IN AAAA 2001:db8:80::0:1
|
firewall IN AAAA 2001:db8:80::0:1
|
||||||
|
@ -9,26 +9,11 @@ cd `dirname $0`
|
|||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
systemctl stop systemd-resolved
|
systemctl stop systemd-resolved
|
||||||
|
|
||||||
apt-get update
|
DEBIAN_FRONTEND=noninteractive apt-get update
|
||||||
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
||||||
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||||
then
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache
|
|
||||||
else
|
|
||||||
echo "Unsupported Debian version"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# preconfig TLS and certbot
|
|
||||||
a2enmod ssl
|
|
||||||
a2ensite default-ssl.conf
|
|
||||||
echo -e "
|
|
||||||
email=admin@kaz.milxc
|
|
||||||
agree-tos=1
|
|
||||||
no-verify-ssl=1
|
|
||||||
" >> /etc/letsencrypt/cli.ini
|
|
||||||
|
|
||||||
# Go KAZ !
|
# Go KAZ !
|
||||||
# KAZ specific things
|
# KAZ specific things
|
||||||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine
|
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine
|
||||||
|
@ -21,8 +21,8 @@ hosts:
|
|||||||
- bgprouter:
|
- bgprouter:
|
||||||
asn: 12
|
asn: 12
|
||||||
asdev: eth1
|
asdev: eth1
|
||||||
neighbors4: 100.64.1.1 as 31
|
neighbors4: 100.64.0.1 as 30
|
||||||
neighbors6: 2001:db8:b001::1 as 31
|
neighbors6: 2001:db8:b000::1 as 30
|
||||||
- resolv:
|
- resolv:
|
||||||
nameserver: 100.100.100.100
|
nameserver: 100.100.100.100
|
||||||
domain: mica.milxc
|
domain: mica.milxc
|
||||||
|
@ -21,8 +21,8 @@ hosts:
|
|||||||
- bgprouter:
|
- bgprouter:
|
||||||
asn: 7
|
asn: 7
|
||||||
asdev: eth2
|
asdev: eth2
|
||||||
neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31
|
neighbors4: 100.64.0.1 as 30
|
||||||
neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31
|
neighbors6: 2001:db8:b000::1 as 30
|
||||||
- resolv:
|
- resolv:
|
||||||
nameserver: 100.100.100.100
|
nameserver: 100.100.100.100
|
||||||
domain: opendns.milxc
|
domain: opendns.milxc
|
||||||
|